News Archive - 2013

The PHP development team announces the immediate availability of PHP
5.4.23. About 10 bugs were fixed, including a security issue in OpenSSL module (CVE-2013-6420).
All PHP 5.4 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.3.28. This release fixes two security issues in OpenSSL module in PHP 5.3 - CVE-2013-4073 and CVE-2013-6420. All PHP 5.3 users are encouraged to upgrade to PHP 5.3.28 or latest versions of PHP 5.4 or PHP 5.5.

The PHP development team announces the immediate availability of PHP 5.5.7. This release fixes some bugs against
PHP 5.5.6 and it also includes a fix for CVE-2013-6420 in OpenSSL extension. All users are strongly encouraged
to upgrade.

The PHP web team are delighted to announce the launch of the new web theme that has been
in beta for many months. Lots of hard work has gone into this release and we will be continually
improving things over time now that we have migrated away from the legacy theme.

From an aesthetics point of view the general color scheme of the website has been lightened from the
older dark purple. Lots of borders and links use a similar purple color to attain
consistency. Fonts are smoother, and colors, contrast and highlighting have significantly improved; especially
on function reference pages. Code examples should now be much more readable.

The theme is marked up using HTML5 and is generally much more modern. We are using Google Fonts and
Bootstrap for our theme base.

To provide valuable feedback, you can use the 'Feedback' widget on the side of the page (not visible
on smartphones) and to report bugs, you can make use of the bugs.php.net
tracker. Despite our extensive multi-device/multi-browser testing, we may have missed something. So, if you
spot any issues please do get in touch.

Special thanks to the guys who helped make this happen, you know who you are!

We are continuing to work through the repercussions of the php.net malware issue described in a news post earlier today. As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net. The method by which these servers were compromised is unknown at this time.

All affected services have been migrated off those servers. We have verified that our Git repository was not compromised, and it remains in read only mode as services are brought back up in full.

As it's possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.

To summarise, the situation right now is that:

JavaScript malware was served to a small percentage of php.net users from the 22nd to the 24th of October 2013.

Neither the source tarball downloads nor the Git repository were modified or compromised.

Two php.net servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.

SSL access to php.net Web sites is temporarily unavailable until a new SSL certificate is issued and installed on the servers that need it.

Over the next few days, we will be taking further action:

php.net users will have their passwords reset. Note that users of PHP are unaffected by this: this is solely for people committing code to projects hosted on svn.php.net or git.php.net.

We will provide a full post mortem in due course, most likely next week. You can also get updates from the official php.net Twitter: @official_php.

On 24 Oct 2013 06:15:39 +0000 Google started saying www.php.net was hosting
malware. The Google Webmaster Tools were initially quite delayed in showing
the reason why and when they did it looked a lot like a false positive
because we had some minified/obfuscated javascript being dynamically
injected into userprefs.js. This looked suspicious to us as well, but
it was actually written to do exactly that so we were quite certain it
was a false positive, but we kept digging.

It turned out that by combing through the access logs for static.php.net
it was periodically serving up userprefs.js with the wrong content length
and then reverting back to the right size after a few minutes. This is due
to an rsync cron job. So the file was being modified locally and reverted.
Google's crawler caught one of these small windows where the wrong file
was being served, but of course, when we looked at it manually it looked
fine. So more confusion.

We are still investigating how someone caused that file to be changed,
but in the meantime we have migrated www/static to new clean servers.
The highest priority is obviously the source code integrity and after
a quick:

git fsck --no-reflog --full --strict

on all our repos plus manually checking the md5sums of the PHP distribution
files we see no evidence that the PHP code has been compromised. We have
a mirror of our git repos on github.com and we will manually check git
commits as well and have a full post-mortem on the intrusion when we have
a clearer picture of what happened.

The PHP development team announces the immediate availability of PHP 5.5.5. This release fixes about twenty bugs against
PHP 5.5.4, some of them regarding the build system. All PHP users are encouraged to upgrade to this new version.

Ski PHP 2014 has announced the
schedule for their upcoming
conference, which will be on January 17-18, 2014 in Salt Lake City, Utah,
USA. Our schedule is anchored by keynotes from Jared Smith, Laura Thomson, and
Chris Hartjes, and also includes talks from Julien Pauli, Ed Finkler, John
Coggeshall, Elizabeth Naramore, and many more.

Our Early Bird registration rate of just $129 is available until October 15th.
Hotel group rate information is available at our site.

Join us for a one day, two-track conference that focuses on PHP and related web technologies. This event is organized by Madison PHP and is designed to offer something to attendees at all skill levels. It will be a day of networking, learning, sharing, and great fun!

Two Tracks
We've carefully crafted two distinct tracks but you're not locked into just one. Attend any talk from any track.

PHP Foundations
Track Learn the basics of PHP development. A carefully selected set of talks for those who have never programmed before or who are new to PHP and would like a refresher of the basics.

PHP Professional Track
Explore new technologies and techniques. Gather with other seasoned developers and increase your value with a series of talks that will both energize and get you excited about the future of PHP.

The PHP development team announces the immediate availability of PHP
5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for CVE-2013-4248 in OpenSSL module and
compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19.

CodeConnexx is a two-day, one track conference that aims to bring together everyone interested in talking about code.

As we know, choosing a career as a coder comes with its own set of life
challenges, and we want to talk about those too. In short, this conference is a
different kind of conference, as it connects those two pieces of the puzzle
together in one event.

Every technical talk will be followed by a talk about life skills and work/life
balance. There will also be plenty of social opportunities to get to know the
other attendees. Not only do we want to help you bridge the gap between work
and life, we want to help you connect with each other as well.

CodeConnexx, hosted by PHPWomen, will
take place in Maastricht,
Netherlands on November 8th & 9th 2013. We sincerely hope you are able to
join us!

The 9th Annual ZendCon will bring together developers, IT managers and PHP
experts from around the world. With a focus on PHP, mobile and cloud
development, attendees at this highly acclaimed conference will expand their
skills and explore new technologies.

ZendCon provides unique opportunities to learn from a wide variety of technical
sessions, hear keynote presentations from thought leaders, and engage with
prominent PHP speakers and vendors. You’ll learn about the latest innovations
and network with peers to solve PHP challenges

The PHP development team announces the immediate availability of PHP
5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718).
All users of PHP are encouraged to upgrade to this release.

The PHP development team announces the immediate availability of PHP
5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248.
All users of PHP are encouraged to upgrade to this release.

There will also be a pre-conference day with hands-on workshops and
deep-dive tutorials, allowing you to work with and learn from some of
the leading experts in their field. With this special discount code:
WPC13PN you can access the Workshops Day for the
special price of $159 instead of $199.

We'll show you how to scale your applications, explain
the details of Continuous Integration or evaluate different approaches to
NoSQL. Attendees will have the opportunity to meet with speakers, core
developers and consultants, and there are often opportunities to evaluate your
code. Community and enterprise projects profit from our international
reputation and impulses given from the developer community..

This year’s Northeast PHP Conference will once again be held in
Boston, MA from August 16 to 18. This year we are adding a day to the
front of the weekend for half-day workshops.

We have 2 great Keynote speakers lined up as well:

Eli White

Eli is a strong advocate for PHP and used it in every project he's
work on. He is currently a Founding Partner & CTO of Musketeers.me,
and the Managing Editor of php|architect magazine. He is also an avid
writer (blogs, articles and books), and has spoken at numerous
conferences.

and Terry Chay

Terry Chay is administrative overhead (Director of Features
Engineering) at the Wikimedia Foundation, maintainers of Wikipedia.
And when he isn’t doing that, he’s saying outrageous things on his
blog.

The PHP development team announces the immediate availability of PHP 5.3.27. About 10 bugs were fixed, including a security fix in the XML parser (Bug #65236).

Please Note: This will be the last regular release of the PHP 5.3 series. All users of PHP are encouraged to upgrade to PHP 5.4 or PHP 5.5. The PHP 5.3 series will receive only security fixes for the next year.

The PHP development team announces the immediate availability of PHP 5.4.16 and PHP 5.3.26. These releases fix about 15 bugs, including CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16.

ThinkInLAMP is pleased to announce the first Shanghai PHP conference 2013.
This event will be held on Sunday June 30th 2013 in Shanghai, China. A
community oriented conference which is organized by an excellent line up
and socials.

This event will concentrate on PHP languages and web based technologies
used today; extension, latest dynamics and new applications within the
increased demand for developers and everyone who is interested in PHP
language.

There will be more than 500 developers owned over 3 year’s
experiences andsenior technical persons come for learning and networking.
Register soon as the Early Bird discount rate expires on May 30.

Please help us to identify bugs in order to ensure that the release is solid and all things behave as expected.
Please test this release candidate against your code base and report any problems that you encounter to the
QA mailing list and/or the PHP bug tracker.

We weren't trying to pull an April Fool's Day joke in May. A temporary glitch caused the latest distributions of PHP to not properly propagate to the mirror servers. This has been fixed at the root level, and it's now being distributed to all of the mirrors. We'll take some bacon to go with the egg on our faces, please!

If you continue to experience issues with downloading these versions after 21:00 UTC on 9 May, 2013, please drop us a line at php-mirrors@lists.php.net, telling us from which mirror you're trying to download, and we'll get it resolved.

We apologize for the delays and confusion this may have caused, and thank you for using PHP.

Note that our release candidate cycle is only meant to bug fixes, no more features will be added to PHP 5.5 from now.

Please help us to identify bugs in order to ensure that the release is solid and all things behave as expected.
Please test this release candidate against your code base and report any problems that you encounter to the
QA mailing list and/or the PHP bug tracker.

We would like to thank all people helping us making PHP better by testing it and reporting problems, as well as all its
contributors for their great work on this 5.5 version of PHP.

The PHP development team announces the immediate availability of PHP 5.4.15 and PHP 5.3.25. These releases fix about 10 bugs aswell as upgrading the bundled libmagic library. All users of PHP are encouraged to upgrade to PHP 5.4.15.

DevConf is the ultimate meeting place for russian-speaking web-developers,
combining several language-specific conferences under one roof.

This year DevConf will include the following sections:

DevConf::PHP();

DevConf::Ruby();

DevConf::Python();

DevConf::Javascript();

DevConf::Mobi();

Each section will feature several talks from the active contributors/authors of the language.
Among the invited speakers are Dmitry Stogov (maintainer of Zend Engine and Zend OpCache and many more),
Chiu-Ki Chan (Google), Lennart Regebro, Andrey Aksyonov (author of Sphinx), Alexey Rybak (Badoo),
Alexander Makarov (one of the main contributors to Yii), Sergey Petrunya (of MariaDB fame),
and many others, see more details on the official website.

This year we gathered the best of the programming world. With several
talks that cover a wide range of topics related to web development,
PHP Conference
Argentina is a conference no programmer wishes to miss
(whether or not they use PHP.)

Ibuildings is proud to organise the seventh Dutch PHP Conference on June 7 and
8, plus a pre-conference tutorial day on June 6. Both programs will be
completely in English so the only Dutch thing about it is the location.

This year we have 30+ speakers gathering in Amsterdam. The 3-track main
conference covers topics like PHP 5.5, software design, APIs, Zend Framework 2,
Symfony 2, security, scalability and more. Our Tutorial Day has an additional
16 in-depth sessions to choose from.

Your DPC ticket also lets you into the Dutch Mobile Conference: an additional
two tracks about cutting edge javascript and non-native application
development. This year features several side events: a bigger and better
unconference, a Zend sponsored hackathon, a social in downtown Amsterdam, and a
Symfony2 certification exam.

The Early Bird special ends April 28th, so book right away for a 15% discount.
We look forward to seeing you in June!

PHPSouthAfrica is a 2
day conference (October 4th & 5th) to be hosted in the most
beautiful city in the world, Cape Town South Africa. It is aimed
at proficient developers, new developers and people who care about
developers.

PHP is one of the most popular web programming languages used today
to power most websites. As the language continues to grow stronger,
PHP has now been linked with mobile powered applications. We are
noticing a migration from mobile language applications to web based
technologies (JavaScript, HTML5,CSS).

PHPSouthAfrica has been a long time coming. With the increased
demand for PHP programmers, not only locally but also
internationally, our vision is to marry the latest technologies
with international speakers. We are creating a conference that
will hone established developers, but also assist up and coming
programmers develop and learn new skills.With the conference
based in Cape Town, it gives us the opportunity to showcase
“The Mother City,” voted one of the top 10 places to visit and
home of Table Mountain- one of the New7Wonders of Nature.

The PHP development team announces the immediate availability of PHP 5.4.14 and PHP 5.3.24. These releases fix about 10 bugs aswell as upgrading the bundled PCRE library. All users of PHP are encouraged to upgrade to PHP 5.4.14.

The PHP development team announces the release of the first beta of PHP 5.5.0.
This release is the first to include the Zend OPCache.
Please help our efforts to provide a stable PHP version and test this version carefully
against several different applications, with Zend OPCache enabled and report any bug in
the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

PHP 5.5.0beta1 is shipped with improvements. Here is an incomplete list:

Added Zend Opcache extension (but disabled by ini setting),

Added array_column function which returns a column in a multidimensional
array,

Added support for non-scalar Iterator keys in foreach,

Added support for changing the process's title in CLI/CLI-Server SAPIs

You can read the full list of changes in the
NEWS file contained
in the release archive.

This beta marks the beginning of the feature freeze. No new
features will be added to PHP 5.5 after this point. Please,
test and help us to roll out a stable release. Our next beta is
planned for April 4th.

The PHP development team announces the immediate availability of PHP 5.4.13 and PHP 5.3.23. These releases fix about 15 bugs, including fixes for CVE-2013-1643 and CVE-2013-1635. All users of PHP are encouraged to upgrade to PHP 5.4.13.

The PHP development team announces the release of PHP 5.5.0alpha6.
This release fixes some bugs from alpha5. It also serves as a delay for our next release, beta1,
integrating ZendOptimizer+ OPCode cache which is not ready yet to be merged.
All users of PHP are encouraged to test this version carefully,
and report any bugs in the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

PHP 5.5.0alpha6 is shipped with improvements. Here is an incomplete list:

Again, the conference will focus on main topics for developers and core-technologies for decision makers. We will show how to scale your applications, explain the details of Continuous Integration or evaluate different approaches to NoSQL. Attendees will have the opportunity to meet with speakers, core-developers and consultants, often there is a chance for an evaluation of your code. Community as well as enterprise projects profit from our international reputation and impulses given from the developer community.

The PHP development team announces the release of PHP 5.5.0alpha5.
This release fixes some bugs from alpha4 and adds some new features.
All users of PHP are encouraged to test this version carefully,
and report any bugs in the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

PHP 5.5.0alpha5 is shipped with new features and improvements. Here is an incomplete list:

Added the ability to change the tmp dir PHP will use during runtime, using a new php.ini
entry,

Added mysqli_begin_transaction()/mysqli::begin_transaction(). Implemented all
options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT
and ROLLBACK through options to mysqli_commit()/mysqli_rollback() and their
respective OO counterparts.
These changes are reflected in the mysqlnd API as well,

Added recvmsg() and sendmsg() wrappers for ext/sockets

You can read the full list of changes in the
NEWS file contained
in the release archive.

Alpha5 is the last alpha for PHP 5.5. There has been a delay in alpha releases due to late coming new features.
We are now beginning the betas, and the first beta
is expected for March 7th. Betas won't add any new features, except the first one, but consolidate the source
code and fix found bugs.

The conference
schedule & speaker selection for tek13 have now been posted online.
tek13 is taking place from May 14th - 17th, 2013 in it's traditional
Chicago, IL location. This year we've decided to expand the conference,
and it is now running 4 parallel tracks! Register
soon as the Early Bird discount rate expires on February 28th.

The PHP development team announces the release of PHP 5.5.0alpha4.
This release fixes some bugs from alpha3 and adds some new features.
All users of PHP are encouraged to test this version carefully,
and report any bugs in the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

PHP 5.5.0alpha4 is shipped with new features and improvements such as (incomplete list):

Class Name Resolution as scalar via "class" keyword,

Added DateTimeImmutable class, a variant of DateTime that only returns the
modified state instead of changing itself

You can read the full list of changes in the
NEWS file contained
in the release archive.

Alpha4 is the last alpha for PHP 5.5. We are now beginning the betas, and the first beta
is expected for February 7th. Betas won't add any new features but consolidate the source
code and fix found bugs.

Save $145 on ConFoo tickets by purchasing before January 20th. Register online without delay. ConFoo 2013 will be held on February 27th through March 1st in Montreal, Canada and is loaded with PHP content.

We gathered 100 speakers from around the world to talk about all aspects of web programming. The conference is preceeded by two training days. Places are very limited. Choose from 4 training topics:

The PHP development team announces the release of PHP 5.5.0alpha3.
This release adds few features and fix some bugs from alpha2.
All users of PHP are encouraged to test this version carefully,
and report any bugs in the bug tracking system.

THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!

PHP 5.5.0 Alpha 3 comes with new features and improvements such as (incomplete list) :

Generator::throw() method,

New cURL functions and options such as curl_escape(), curl_multi_setopt(), curl_multi_strerror(),
curl_pause(), curl_reset()...

Max-Age attribute support in setcookie(),

Few bug fixes in mysqlnd and core

You can read the full list of changes in the
NEWS file contained
in the release archive.